New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support uid/gids from target rootfs when using the --root option #14806
Comments
Does systemd-sysuser have the same problem ? Right now buildroot creates all users at build time using a script of its own but one of my plan was to move that to calling sysuser with --root at build time.... |
Seems like sysusers does load the databases manually, was almost certain it doesnt. SO I guess it wont have the problem. Btw. I just posted a set of patches to BR mailing list, might tale a look there so we don't step on each others toes |
Sure, i'll check that. Thx |
There are no nice apis to do NSS relative to some root dir, that's the problem here. |
If I use the The "filesystem" database should suffice, code for that is already in sysuser tool. Resolve names via passwd/group file and set the raw uid/gids. |
There are two libc APIs for accessing the user database: NSS/getpwuid(), and fgetpwent(). if we run in --root= mode (i.e. "offline" mode), let's use the latter. Otherwise the former. This means tmpfiles can use the database included in the root environment for chowning, which is a lot more appropriate. Fixes: systemd#14806
Fix waiting in #15718 |
There are two libc APIs for accessing the user database: NSS/getpwuid(), and fgetpwent(). if we run in --root= mode (i.e. "offline" mode), let's use the latter. Otherwise the former. This means tmpfiles can use the database included in the root environment for chowning, which is a lot more appropriate. Fixes: systemd#14806
Problem
I would like to prepare an rootfs for embedded, as read-only as possible.
This would include creating all files/directory on a different system, typically this is done in an fakeroot environment to allow creating archives with correct permissings and uids/gids.
To this effect,
tmpfilesd
sould be run in a similar fashion to this:The issue is that
systemd-tmpfiles
uses the uid/gids from the hosting PC, not the ones from the target filesystem. For example/var/log/journal
will almost certainly not end up with the correct gid in the target filesystem.I attached a testcase that should demonstrate the issue
The solution I would like
systemd-tmpfiles
(and potentially others creating files with uid/gid other than 0) should parse the 'ROOTFS/etc/{passwd,group}' files when the '--root' argument was provided, then use this database only for file modification (and checks)Describe alternatives you've considered
Unfortunately there is no
fakeroot
alternative that could transparently modify the library calls,fakeroot
cant resolve names differently to the running filesystem.Some
chroot
trickery would be possibly, but that needs root access, and might be really tricky if the target architecure is different.testcase.tar.gz
The text was updated successfully, but these errors were encountered: